Forum Discussion

5 Replies

  • A couple folks took a look around and we don't see anything official or otherwise. Odd.

    I recommend opening a support case at https://support.f5.com/csp/home and requesting an escalation to the ASM Rules Team so that an official and authoritative answer is provided.

    It would be great to have any resulting KB article linked here too.
    Hope that helps.

    Lief

    • AaronJB
      SIRT

      I'd agree with Lief - reading up on this CVE, it seems to be a Java deserialization gadget accessible prior to authentication. On that basis it's quite likely that there are existing ASM signatures which would trigger during exploitation, but your best route to get that confirmed is by opening a case with the Support organisation who will be able to escalate to the dedicated Threat Research team.

      For what it's worth, I looked to see if any other customers had asked the question which would have resulted in an escalation, but there are zero references to that CVE that I can find.

      I also couldn't find a good end-to-end PoC; the original writeup points to exploitation via chaining CVE-2022-21445 with a second CVE (from 2020), but they don't reveal the requests they make, only the end results.